[AusNOG] Telstra is Disabling SIP ALG on CGNAT Platforms

Russell Langton russell3901 at gmail.com
Mon Jul 1 11:16:28 AEST 2024 

Hi AusNOGgers,

As part of our ongoing efforts to modernize our network and enhance service
reliability, we are implementing changes that will impact certain legacy
features, including SIP (Session Initiation Protocol) traffic handling.

Effective 9th of July 2024, Telstra is initiating the process of disabling
SIP ALG traffic from its CGNAT Platforms. This decision aligns with
industry standards and best practices in network security and performance
optimization.

SIP ALG was originally intended to assist in managing SIP traffic across
different network boundaries but has since been found to cause more issues
than benefits, including potential interference with VoIP (Voice over
Internet Protocol) services and other applications.


The typical SIP ALG use cases of VoIP solutions are as follows:

   - Customers using 3rd party legacy VOIP solutions.
   - Wireless subscribers running 3rd party VoIP SIP applications.


Disabling SIP ALG will have no negative impacts on TIPT services. If you
are using any services which are categorized as the two use cases above,
please check your router and application settings and use TLS for your SIP
applications to avoid any issues.

* time-frame *

We are planning to start the deployment on 9th July 2024 and 11th July 2024
in South Australia.

Further deployments in other states are planned by the end of July and will
be advised to the list.


* Things to be aware of *

- If you are using 3rd party legacy VOIP solutions, or a wireless
subscriber running 3rd party VoIP SIP applications using Telstra, please
make sure you check your settings prior to our deployment and use TLS
(Transport Layer Security Encryption) instead of SIP ALG to avoid any
possible impact. In some cases, you will need to check your router settings
for SIP ALG as well.

* Basic flow *

   - The purpose of the SIP ALG is to facilitate SIP signalling and related
   media through GGNAT by monitoring SIP exchanges and ensuring by-directional
   signalling and media flows are permitted and handled correctly.
   - Modern SIP implementations are NAT aware and do not require a SIP ALG
   on the Service Provider CGNAT to function.
   - Some SIP solutions (particularly legacy ones) may not be NAT aware or
   may not be configured for NAT-traversal by default.
   - Once Telstra disables the SIP ALG for Mobile Broadband, all SIP
   signalling and media flows will be treated as standard IP traffic and
   handled as normal CGNAT flows: It’s expected that most applications will
   handle this change gracefully, but some solutions (particularly legacy
   platforms) may need to be reconfigured for NAT-traversal using mechanisms
   such as STUN, ICE and TURN, to name a few.


*Work around *

For apps which appear broken, try to avoid SIP ALG. Another alternate would
be to use customer devices with ipv6 provision for VOIP applications.

Telstra has enabled Mobile Ipv6 for a while so any VOIP applications should
be using this in the first instance.


* Contacting us*

Telstra is exiting support for SIP ALG. We are aiming to work with
community forums like AusNOG and Whirlpool to ensure this is a smooth
rollout.

For any assistance, please contact your application support, or reach out
directly to ipv6wirelessdeployment at team.telstra.com to directly contact our
CGNAT technical teams about this issue.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ausnog.net/pipermail/ausnog/attachments/20240701/cb12fcbe/attachment.htm>

More information about the AusNOG mailing list